Loading...

About Centre


C-DAC established its Hyderabad Centre in the year 1999 to work in Research, Development and Training activities embracing the latest Hardware & Software Technologies. The centre is a Knowledge Centre with the components of Knowledge Creation, Knowledge Dissemination and Knowledge Application to grow in the areas of Research & Development, Training and Business respectively. The R & D areas of the centre are e-Security, Embedded Systems, Ubiquitous Computing, e-Learning and ICT for Rural Development. The centre has developed over a period of time a number of products and solutions and has established a number of labs in cutting edge technologies. In line with these R&D strengths, the centre also offers Post Graduate level diploma courses. Centre is also actively involved in organizing faculty training programs. The centre regularly conducts skill based training and information security awareness programmes. InDG portal is hosted and maintained to facilitate rural development through provision of relevant information, products and services in local languages.
C-DAC Hyderabad developed solutions defending the end point security threats. These solutions span across mitigating threats through USB mass storage devices, data exfiltration, malicious / unknown applications, application behavior, malware and web browser. Behavior heuristics as well as applications behavior whitelisting approaches are used and various solutions are developed. Efforts are also being made to address malware threats through browsers on desktops and mobiles.
End Point and Network Security Solutions
  • Application and Device Control (ADC): It is a centralised solution for application and device control
  • AppSamvid: An application whitelisting solution for the desktops
  • USB Pratirodh: A USB mass storage device control software targeted towards securing end systems from unauthorized usage of portable USB storage devices
 

Introduction


C-DAC Hyderabad, Participating Institute (PI)

C-DAC established its Hyderabad Centre in the year 1999 to work in Research, Development and Training activities embracing the latest Hardware & Software Technologies. The centre is a Knowledge Centre with the components of Knowledge Creation, Knowledge Dissemination and Knowledge Application to grow in the areas of Research & Development, Training and Business respectively. The R & D areas of the centre are e-Security, Embedded Systems, Ubiquitous Computing, e-Learning and ICT for Rural Development. The centre has developed over a period of time a number of products and solutions and has established a number of labs in cutting edge technologies. In line with these R&D strengths, the centre also offers Post Graduate level diploma courses. Centre is also actively involved in organizing faculty training programs. The centre regularly conducts skill based training and information security awareness programmes. InDG portal is hosted and maintained to facilitate rural development through provision of relevant information, products and services in local languages.

C-DAC Hyderabad developed solutions defending the end point security threats. These solutions span across mitigating threats through USB mass storage devices, data exfiltration, malicious / unknown applications, application behavior, malware and web browser. Behaviour heuristics as well as applications behavior whitelisting approaches are used and various solutions are developed. Efforts are also being made to address malware threats through browsers on desktops and mobiles.

One of core thematic area of C-DAC Hyderabad  is Cyber Security, where the primary research area in Cyber Security is End Point and Network Security Solutions, Malware Reverse Engineering, Network Monitoring, SoC, Block chains etc..and released the following products

  • Application and Device Control (ADC): It is a centralised solution for application and device contra
  • AppSamvid: An application whitelisting solution for the desktops
  • USB Pratirodh: A USB mass storage device control software targeted towards securing end systems from unauthorised usage of portable USB storage devices

 

Advanced Faculty/ISEA Member

Cheif Investigator: Shri Magesh Ethirajan, Director, C-DAC Hyderabad

ISEA Coordinator: Ch A S Murty, JD

Web Coordinator: Mrs Indraveni, PTO

Members /PMU

Mr Chandan Sharma, Consultant (MeitY)
Mr E Naresh (C-DAC Hyderabad)

Information Security - Awareness/Web/PMU

Mr I L N Rao, Project Manager
Ms Indrakeerthi K
Mr Jai Prakash K
Mr PSS Bhardwaj

Mr Sreedhar A, HR
Mr Sudhakar V V B, Sr Financial Officer
Mr MVN Rao, Sr Administrative Officer



 

Responsibilities

Under ISEA Project Phase-II, forty (40) institutes have been identified as Participating Institutes to offer various formal and non-formal courses in the area of Information Security. These institutes are further sub divided in three categories viz. Category I, II & III (Special Category).

C-DAC Hyderabad is participating as Project Management Unit, Coordination of Awareness Programs and PI -Category II along with training of Government Personnel with the following objectives
 

  • Coordination of 55 Institutes including ISRDCs, PI and RC in order to achieve the objectives of ISEA Phase-II
  • To professionally manage and support the Department in implementation and monitoring of the project throughout the country
  • Preparing a central repository for all the courses designed, course material/LM, etc. developed under the program which are designed by 51 institutes of ISEA Phase –II
  • Design and Development a suitable MIS about the trained human resources
  • A suitable technology forecasting and market analysis mechanisms. This activity is proposed to be coordinated and carried out under the technical and professional mentoring by ISRDCs in close association with Data Security Council of India (DSCI)/NASSCOM.
  • A centralized website for ISEA project
  • Launching non-formal modular/short-term knowledge-cum-skill oriented courses etc. for working professionals at all levels including the flexible certificate programs, certification scheme
  • Training of Government Personnel
  • Creation of mass information security awareness targeted towards
    • Academic Users: School level – Children, Parents & Teachers, College level – Students & Faculties 
    • General Users: Small enterprise/Business users, SME Sector/Non IT industry, NGO’s, CSCs, Cyber cafes and general public at large
    • Government Users: Central/State Government employees (non IT professionals), Legal / Police personnel’s etc. 

Research

Increased Internet penetration has given exponential rise in sophisticated attacks on Information Technology (IT) infrastructure. Attackers are gaining access to sensitive information like credit card details and other financial information. Smartphone attacks are growing in multiple folds. Also with the growth of 3G services and business transactions using mobile phones, there is a substantial increase in mobile malware. In order to make our IT infrastructure resilient against these threats, there is a need for cutting-edge Research and Development efforts in Cyber Security. C-DAC has been actively pursuing R & D in a number of sub-areas in Cyber Security domain.

C-DAC developed solutions defending the end point security threats. These solutions span across mitigating threats through USB mass storage devices, data exfiltration, malicious / unknown applications, application behavior, malware and web browser. Behavior heuristics as well as applications behavior whitelisting approaches are used and various solutions are developed. Efforts are also being made to address malware threats through browsers on desktops and mobiles.

End Point and Network Security Solutions

  • Application and Device Control (ADC): It is a centralised solution for application and device control

  • AppSamvid: An application whitelisting solution for the desktops

  • USB Pratirodh: A USB mass storage device control software targeted towards securing end systems from unauthorized usage of portable USB storage devices

  • Browser JSGuard: Browser JSGuard is a browser extension which detects and defends malicious HTML & JS attacks made through the web browser based on Heuristics. It alerts the user on visiting any malicious web pages and provides the detailed analysis threat report of the web page.

    • Features

      • Content/Heuristic based JS & HTML Malware protection

      • Alerts the User on visiting Malicious Web pages

      • Provides detailed analysis of webpage threats

      • Ease of installation

C-DAC is developing mobile device security solution to provide features like secure storage, application monitoring and control, local and remote secure device backup and restore, Remote Erase/ Lock and Call & SMS Black listing/ White listing, etc. Solution also supports offline application analyzer and kernel level enforcer. C-DAC is making efforts in developing an automated Web Security Assessment Framework, to assess the vulnerabilities and risk associated in the discovered vulnerabilities

Design and Development of a light weight data security framework for mobile platforms

This project aims to develop security components that can be transparently utilized by mobile application developers for making their mobile applications secure. One of the security component developed, would provide confidentiality of transmitted data which will be provided by encrypting the information flow between the communicating parties, and thus provide end-to-end security between the communicating parties i.e. between the mobile client and server. Another security service that would be implemented is authentication of sender and also the integrity of each transmitted message. Moreover security service for key generation and key management will also be implemented so that the developer need not worry about the intricacies of developing them himself. Since mobile applications are power-aware and bandwidth constrained, light weight algorithms would be utilized for providing these security services. Also since most of the mobile applications require storage of application data on the mobile phone, this triggers the need for secure storage of information in case the data is sensitive. Presently secure storage is not tightly integrated with the mobile development SDKs and hence the application developer needs to incorporate this facility. The project would also develop a library that can be used by the developers in case secure storage of such sensitive data is required by the mobile application. Presently the framework provides generic APIs to communicate over HTTPS and generic storage APIs for storage on Android and JavaME platform.

Web Application Security Assessment FramEwork - WebSAFE

WebSAFE Modules

WebSAFE is a comprehensive, OWASP Complaint, extensive and powerful web based assessment framework to cater to all security assessment needs of a web application. Developed in utmost need of the hour, where generic and lucid results of the product speaks the most about security, and relates well to the vulnerability assessment of the target application.

WebSAFE aims at a one stop Vulnerability Assessment(VA) Solution, that is open source and takes minimal set of inputs from the users. What brings in a major breakthrough with the product is – the open source tools integration, a well versed knowledge base, and least false positives in the VA findings. The framework is user friendly, provide the best generic results, gives a crisp, lucid report that clearly explains the security flaws addressed and provides with the workarounds to the findings.

WebSAFE intends to promote and create awareness about the nature of security among the individuals, institutions, organizations, and the industry, who think that security is the last thing to do, whereas, its a gradual and continuous process. It helps organizations to detect vulnerabilities in web applications hosted by them before proceeding for security test certification

WebSAFE Modules

Security Issues Addressed

Salient Features & Benefits

User agencies (sectors) to whom the solution is relevant

Any Organization hosting web applications, like Defense Services, Government Organizations, academic institutions, Banking industry, telecommunications, industries etc.,

Information Leakage

Injection Flaws

XSS, CSRF, Clickjacking kind of Vulnerabilities

Authentication and Authorization failure

Denial of Sevice

Simple & User-Friendly

Multiple Scan at any instance

Schedule Scan

Exhaustive Information Gathering

OWASP Compliant

Risk Assessment and Mapping

In-Depth Crawling

Deep analysis on SSL Configuration

Exploitation of Discovered Vulnerabilities as Proof of Concept (PoC)

Easy to understand - Executive Summary and Developer Reports

PAVS - PHP Application Vulnerability Scanner

PAVS is a static source code analyser tool for scanning vulnerabilities in PHP web applications. This targets cross-site scripting, SQL injection, file manipulation, command injection and code evaluation related vulnerabilities in PHP based web applications. And it checks these vulnerabilities against user input & file and database related functions. And it also checks the loop holes in PHP configuration file. A detailed report on the vulnerabilities present in the source code is generated in the PDF format.

PHP- PHP Application Vulnerability Scanner

Features :

  • Detects vulnerabilities related to popular attacks
  • Lists the loop holes of PHP configuration settings.
  • Impressive report on identified vulnerabilities.
  • Saved report in pdf for further verification.

Faculty Training Program

Conducted certified security training for all C-DAC PI's and other C-DAC Centres in March 2016


Planning to conduct trainnig during 29th,30th June and 1st July'2016 on Mobile Security Training for all PIs of ISEA Phase-II and other C-DAC Centres

Paper Publication

Coming Soon!!!

Coursewise Design

Coming Soon!!!

Download

Coming Soon!!!

Conference/Workshop

Coming Soon!!!

Style Switcher

Predefined Colors

Layout Style

Header Color

Footer Top Color

Footer Bottom Color